Total
3780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36789 | 1 Tenda | 1 Ac1206 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-36786 | 1 Tenda | 1 Fh451 | 2026-06-09 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2025-40795 | 1 Siemens | 3 Simatic, Simatic Pcs Neo, User Management Component | 2026-06-09 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. | ||||
| CVE-2026-11024 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-09 | 8.8 High |
| Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-27671 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-09 | 9.8 Critical |
| Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2026-11557 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-08 | 8.8 High |
| A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-36785 | 1 Tenda | 1 Fh451 | 2026-06-08 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-11553 | 1 Tenda | 2 Hg10, Hg7hg9 | 2026-06-08 | 8.8 High |
| A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-35083 | 2 Mbs, Mbs-solutions | 37 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 34 more | 2026-06-08 | 8.8 High |
| A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. | ||||
| CVE-2026-35084 | 2 Mbs, Mbs-solutions | 55 Double-a Profibus, Double-a X-link, Double-x Can and 52 more | 2026-06-08 | 8.8 High |
| A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | ||||
| CVE-2026-35085 | 2 Mbs, Mbs-solutions | 55 Double-a Profibus, Double-a X-link, Double-x Can and 52 more | 2026-06-08 | 8.8 High |
| A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | ||||
| CVE-2026-11523 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-08 | 8.8 High |
| A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-11522 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-08 | 8.8 High |
| A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-11498 | 1 Tenda | 2 Hg10, Hg7hg9 | 2026-06-08 | 8.8 High |
| A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely. | ||||
| CVE-2026-11503 | 1 Tenda | 2 Cx12l, Cx12l Firmware | 2026-06-08 | 8.8 High |
| A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-6240 | 1 Tp-link | 1 Tapo C520ws V2 | 2026-06-08 | N/A |
| A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality. | ||||
| CVE-2026-11504 | 1 Tenda | 2 Cx12l, Cx12l Firmware | 2026-06-08 | 8.8 High |
| A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-6239 | 1 Tp-link | 1 Tapo C520ws V2 | 2026-06-08 | N/A |
| A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to terminate unexpectedly, resulting in a denial‑of‑service (DoS) condition that disrupts device configuration and management functions. | ||||
| CVE-2026-11499 | 1 Tenda | 2 Hg10, Hg7hg9 | 2026-06-08 | 9.8 Critical |
| A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote. | ||||
| CVE-2026-25833 | 2 Mbed-tls, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 7.5 High |
| Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | ||||